5 files changed +34 -9 lines changed
253
253
tasks_from : monitoring
254
254
vars :
255
255
cifmw_cephadm_monitoring_network : " {{ lookup('ansible.builtin.ini', 'public_network section=global file=' ~ cifmw_cephadm_bootstrap_conf) }}"
256
+ cifmw_cephadm_dashboard_crt : " {{ cifmw_cephadm_certificate }}"
257
+ cifmw_cephadm_dashboard_key : " {{ cifmw_cephadm_key }}"
258
+
256
259
257
260
- name : Create cephfs volume
258
261
ansible.builtin.import_role :
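Review bot: The two added vars keep the old `cifmw_cephadm_dashboard_crt` / `cifmw_cephadm_dashboard_key` names alive for the monitoring tasks while the role's public variables are renamed elsewhere in this commit, and nothing here says so. A short comment above them would help, for example `# monitoring tasks still read the dashboard-specific names; map the shared certificate/key onto them`. The added empty line at new line 258 sits next to an existing blank line, so the file now has two consecutive blank lines before "Create cephfs volume"; one is enough.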
@@ -57,15 +57,15 @@ need to be changed for a typical EDPM deployment.
57
57
` cifmw_cephadm_certs ` : The path on the ceph host where TLS/SSL certificates
58
58
are located. It points to '/etc/pki/tls'
59
59
60
- * ` cifmw_cephadm_dashboard_crt ` : The SSL/TLS certificate signed by CA which is
61
- an optional parameter. If it is provided, ceph dashboard will be configured
62
- for SSL automatically. Certificate should be made available in
60
+ * ` cifmw_cephadm_certificate ` : The SSL/TLS certificate signed by CA which is
61
+ an optional parameter. If it is provided, ceph dashboard and rgw will be
62
+ configured for SSL automatically. Certificate should be made available in
63
63
` cifmw_cephadm_certs ` path only. To enable SSL for dashboard, both
64
- ` cifmw_cephadm_dashboard_crt ` and ` cifmw_cephadm_dashboard_key ` are needed.
64
+ ` cifmw_cephadm_certificate ` and ` cifmw_cephadm_key ` are needed.
65
65
66
- * ` cifmw_cephadm_dashboard_key ` : The SSL/TLS certificate key which is an
67
- optional parameter. If it is provided, ceph dashboard will be configured
68
- for SSL automatically.
66
+ * ` cifmw_cephadm_key ` : The SSL/TLS certificate key which is an
67
+ optional parameter. If it is provided, ceph dashboard and rgw will be
68
+ configured for SSL automatically.
69
69
70
70
* ` cifmw_cephadm_monitoring_network ` : the Ceph ` public_network ` where the
71
71
dashboard monitoring stack instances should be bound. The network range
@@ -90,8 +90,8 @@ cifmw_ceph_rgw_config:
90
90
cifmw_cephadm_cephfs_name : " cephfs"
91
91
cifmw_cephadm_ceph_spec_fqdn : " {{ ceph_spec_fqdn | default(false) | bool }}"
92
92
cifmw_ceph_dashboard_spec_path : /tmp/ceph_dashboard.yml
93
- cifmw_cephadm_dashboard_crt : " "
94
- cifmw_cephadm_dashboard_key : " "
93
+ cifmw_cephadm_certificate : " "
94
+ cifmw_cephadm_key : " "
95
95
cifmw_cephadm_dashboard_port : 8444
96
96
cifmw_cephadm_grafana_admin_user : ' admin'
97
97
cifmw_cephadm_grafana_admin_password : ' /home/grafana_password.yml'
Original file line number Diff line number Diff line change 29
29
_hosts : " {{ _hosts|default([]) + [ hostvars[item][ceph_hostname_var] ] }}"
30
30
loop : " {{ groups['edpm'] }}"
31
31
32
+ - name : Get and save TLS certificate for rgw spec if provided
33
+ when : cifmw_cephadm_certificate | length > 0 and
34
+ cifmw_cephadm_key | length > 0
35
+ block :
36
+ - name : Get the certificate content
37
+ register : slurp_cert
38
+ ansible.builtin.slurp :
39
+ src : " {{ cifmw_cephadm_certificate }}"
40
+
41
+ - name : Set rgw_frontend_cert for rgw spec
42
+ ansible.builtin.set_fact :
43
+ rgw_frontend_cert : " {{ slurp_cert['content'] | b64decode }}"
44
+
32
45
- name : Create a Ceph RGW spec
33
46
ansible.builtin.template :
34
47
src : templates/ceph_rgw.yml.j2
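Review bot: The `when` on the new block requires `cifmw_cephadm_key` to be non-empty, but the key file is never read; only `cifmw_cephadm_certificate` is slurped into `rgw_frontend_cert`. If cephadm expects the private key and the certificate together in `rgw_frontend_ssl_certificate` and in the ingress `ssl_cert` (both template blocks in `ceph_rgw.yml.j2` consume this one fact), the rendered spec will carry a certificate without its key; please confirm, and if so slurp the key as well and concatenate. Once key material flows through these tasks they should set `no_log: true`, and the rendered spec file should get a restrictive mode. The "Create a Ceph RGW spec" task continues outside the hunk, so its `mode` is not visible here.

```yaml
    # … unchanged: "Get the certificate content" task …

    - name: Get the key content
      register: slurp_key
      no_log: true
      ansible.builtin.slurp:
        src: "{{ cifmw_cephadm_key }}"

    - name: Set rgw_frontend_cert for rgw spec
      no_log: true
      ansible.builtin.set_fact:
        rgw_frontend_cert: "{{ (slurp_cert['content'] | b64decode) ~ (slurp_key['content'] | b64decode) }}"
```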
Original file line number Diff line number Diff line change 13
13
rgw_frontend_port: 8082
14
14
rgw_realm: default
15
15
rgw_zone: default
16
+ {% if rgw_frontend_cert is defined %}
17
+ ssl: true
18
+ rgw_frontend_ssl_certificate: |
19
+ {{ rgw_frontend_cert | indent( width=4 ) }}
20
+ {% endif %}
16
21
---
17
22
service_type: ingress
18
23
service_id: rgw.default
26
31
virtual_ip: {{ cifmw_cephadm_rgw_vip }}
27
32
virtual_interface_networks:
28
33
- {{ cifmw_cephadm_rgw_network }}
34
+ {% if rgw_frontend_cert is defined %}
35
+ ssl_cert: |
36
+ {{ rgw_frontend_cert | indent( width=4 ) }}
37
+ {% endif %}
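Review bot: Both new conditionals test `rgw_frontend_cert is defined`, so a fact that is defined but empty (for example when passed in as an extra var) still renders `ssl: true` followed by an empty certificate block. `{% if rgw_frontend_cert | default('') | length > 0 %}` would match the length checks used in the task file. Because `indent` leaves the first line alone by default, the first line of the PEM depends on the literal whitespace before `{{`, which this rendering does not show; it is worth checking the rendered spec once with a real multi-line certificate. A one-line template comment such as `{# rgw_frontend_cert is set by the rgw tasks only when both certificate and key are provided #}` would tell readers where the value comes from.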